Security Tools to protect your home network and your devices
We all use really sophisticated security tools at work, IPS/IDS, firewalls, SIEMs, PMP tools, IAM tools, GPOs etc. with various alerting methods, thresholds, analytics and reporting. We all know those tools are expensive and seriously many times only offered for big companies.
What I would like to know is what you all use for your own home networks or home labs to protect against viruses, data loss, data leakage, monitoring of network statistics, monitoring of network status, any type of reporting tools on the sites activities that take place on your home networks, open ports, OS hardening techniques etc.
If you could provide any tools that would be great.
I'm currently using Dashlane for password management and setting up Nessus and SolarWinds, but really stuck on what is the best approach to use these tools and need some opinions from fellow TE's.
Comments
-
636-555-3226 Member Posts: 975
Microsoft Security Essentials for AV. I'm not too susceptible to viruses with my current download activity.
Chrome security tightening. Adblock plus, HTTPS Everywhere, click-to-play plugins
KeePass for passwords
Bitlocker for disk encryption
Acronis True Image nightly full backups, encrypted & pw protected of course. Copy the latest image to an external that I keep in the office & bring in once a month for off-site backups
OpenDNS for the kids
Regular User accounts for the kids.
I think that's it.
I could run things like Splunk or Bro, but doing my cost/benefit analysis it was a no-brainer to not even think any further about doing that craziness.
-
jdancer Member Posts: 482
Are you looking to replicate enterprise level tools for the home? Since I'm a big fan of open-source, I use the following:
Zabbix
OSSEC
Logstash/Elasticsearch/Kibana
backuppc.sourceforge.net
dnsmasq
PassiveDNS from Github
FireHOL
-
TheFORCE Member Posts: 2,297
I've heard good things about pfSense but I noticed they were on the latest VCE's for remote code execution vulnerabilities. I'll take a look at the tools mentioned, do they work on Linux or Windows or both? Also, how are you guys running these, on a dedicated machine or on your main machine that you use for surfing?
-
stryder144 Member Posts: 1,684
I have done a few things:
1. Install ZoneAlarm
2. Install Firefox with EFF's Privacy Badger and HTTPS Everywhere, NoScript Suite, and Adblock Plus extensions added
3. Install Bitdefender - free edition
4. Install Avast! Free - overkill, I suppose, but it quietly sits right alongside of Bitdefender without any conflicts
5. Eraser - for when a file truly, completely needs to be wiped...you know, for those special emails that shouldn't be sent to your home account!
6. CCleaner - set up to wipe using a minimum DoD 3-wipe on less powerful computers and 7-wipe on better configured devices
7. MalwareBytes - free version for those times when you're feeling extra paranoid (or about once every two weeks or so)
8. Emsisoft Emergency Kit - again, paranoia isn't too much, is it?
9. Microsoft's Enhanced Mitigation Experience Toolkit - to make sure that other programs are locked down(ish)
10. Microsoft's Baseline Security Analyzer
11. BelArc Advisor - it looks for security updates for Windows and common applications and alerts you (via red text), it also looks for default, but vulnerable, accounts
12. On our Windows and Mac OS X computers, we have all users log in with a standard account. The Windows 7 Home Premium computer has Group Policy Editor installed and all software installs are prohibited without admin password (I realize that a standard user account shouldn't be able to install software but have seen it fail, I haven't yet seen a policy fail)
13. In the process of getting the motivation to set up the 4TB MyCloud drive for data backups. I know I should set it up but have no motivation. I regularly back up my own computer, I'm just too lazy right now to set up backup for the other computers.
14. My home router is set up for maximum security.
I thought about building a tiny box to house Sophos UTM Home Edition. Naturally, that would require a complete reconfiguration of my home network. Frankly, I don't have a convenient place to put the box that would house the UTM and my wife is very sensitive to too much tech equipment near our modem (which is in the kitchen). Once we move next year, hopefully I will have the presence of mind to have our demarc point in my office. We will see, I suppose.
-
gespenstern Member Posts: 1,243
Actually, nothing. Just common sense. Since I'm in control of everything, bad things never happened to me because I'm a cautious and very reserved guy. Which means that I have no history of incidents. Which means that I can't do a correct risk assessment and analysis. Which means that expenses presented to a part of my brain that is responsible for budgeting can't be justified. It just won't approve, I tried.
-
wes allen Member Posts: 540
Timely OS and 3rd party patches
Limited user account
EMET
Adblock and noscript
No Flash/Java installed (other than chrome, and flash is disabled there).
1Password
MFA on all online accounts that support it.
AppLocker currently, but since I can't buy a copy of Windows Enterprise as a non enterprise org, I will be going to Win 10 Pro once my 90 day trial of 8.1 Enterprise expires.
-
Justin- Member Posts: 300
I think this thread would be great if it could be stickied. Everyone just inputs their opinions on what they use at home, and it could really be useful for new members in the field of Security.
Just my opinion, though.
-
Deathmage Banned Posts: 2,496
I use a SonicWall IPS/IDS/GW-AV at home for a firewall and then have an 8 TB NAS which I use Veeam to do backups of the VMware hosts and my personal PC's, on top of countless 1-4TB externals. I also use McAfee and Avira AV. Everyone sits on about 6 APC UPS 1500's, a big fan of CCleaner and Malwarebytes.
-
Mike-Mike Member Posts: 1,860
Currently just using Microsoft for AV, but I think I'm about to get that Trend Micro.
I do have Malwarebytes Anti-malware premium, and their semi-new Anti-Exploit product.
I also have UPS' everywhere, multiple external hard drives, and I'm pretty heavy in the cloud with Google Drive, OneDrive and Dropbox. Using MSecure and Keeper Security for password management.
-
Mooseboost Member Posts: 778
Bitlocker for encryption. Have been running BitDefender, but it is on its way out to be replaced probably with MalwareBytes. I don't boot up the home PC these days for much more than gaming, so I don't worry about it too much. I have an off-line PC that I use for my lab, so security isn't a major concern for it.